Skip to main content
CVE-2015-4024 MEDIUM POC PATCH THREAT This Month

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.5%.

Denial Of Service PHP Enterprise Linux Mac Os X System Management Homepage +8
NVD
CVSS 2.0
5.0
EPSS
75.5%
Threat
4.8
CVE-2015-3648 HIGH POC THREAT Act Now

Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.7%.

Path Traversal PHP Resourcespace
NVD
CVSS 2.0
7.5
EPSS
51.7%
Threat
4.6
CVE-2015-4147 HIGH POC PATCH THREAT Act Now

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.

RCE PHP Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +4
NVD
CVSS 2.0
7.5
EPSS
50.8%
Threat
4.5
CVE-2015-3330 MEDIUM POC PATCH THREAT This Month

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 39.0%.

RCE PHP Denial Of Service Apache Linux +9
NVD
CVSS 2.0
6.8
EPSS
39.0%
Threat
4.0
CVE-2015-4021 MEDIUM POC PATCH THREAT This Month

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.0%.

Denial Of Service PHP Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node +6
NVD
CVSS 2.0
5.0
EPSS
42.0%
CVE-2015-3329 HIGH POC PATCH THREAT Act Now

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.8%.

RCE PHP Buffer Overflow Mac Os X Enterprise Linux Desktop +8
NVD
CVSS 2.0
7.5
EPSS
28.8%
CVE-2015-4022 HIGH POC PATCH THREAT Act Now

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.6%.

RCE PHP Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node +6
NVD
CVSS 2.0
7.5
EPSS
20.6%
CVE-2015-4335 CRITICAL POC Act Now

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Redis RCE Debian Linux
NVD GitHub
CVSS 2.0
10.0
EPSS
8.1%
CVE-2015-3200 HIGH POC THREAT Act Now

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.0%.

Code Injection Lighttpd Virtual Customer Access System Solaris
NVD
CVSS 3.0
7.5
EPSS
20.0%
CVE-2015-3307 HIGH POC PATCH THREAT Act Now

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.4%.

Denial Of Service PHP Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node +6
NVD
CVSS 2.0
7.5
EPSS
18.4%
CVE-2015-4026 HIGH POC PATCH This Week

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Authentication Bypass Enterprise Linux Mac Os X Enterprise Linux Desktop +5
NVD
CVSS 2.0
7.5
EPSS
9.6%
CVE-2015-4148 MEDIUM POC PATCH THREAT This Month

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

PHP Information Disclosure Mac Os X Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
16.9%
CVE-2015-2783 MEDIUM POC PATCH This Month

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service PHP Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node +6
NVD
CVSS 2.0
5.8
EPSS
9.7%
CVE-2015-4109 HIGH POC This Week

Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Usersultra
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-7872 HIGH POC This Week

Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Geekbuddy
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.7%
CVE-2015-4010 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF WordPress PHP Encrypted Contact Form
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.4%
CVE-2015-3624 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Ektron Content Management System
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
0.8%
CVE-2015-4025 HIGH PATCH This Week

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Authentication Bypass Mac Os X Enterprise Linux Desktop Enterprise Linux Hpc Node +5
NVD
CVSS 2.0
7.5
EPSS
6.1%
CVE-2014-9284 HIGH This Week

The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wsr 600Dhp Firmware Whr 300Hp2 Firmware Whr 1166Dhp Firmware Bhr 4Grv2 Firmware +3
NVD
CVSS 2.0
7.7
EPSS
0.7%
CVE-2015-2959 HIGH PATCH This Week

Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Zoho Authentication Bypass Manageengine Netflow Analyzer
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2015-4427 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ektron Content Management System
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-4080 MEDIUM This Month

The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to (1) obtain sensitive information by sniffing the network and (2). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Smartsocket
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2015-2961 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Zoho CSRF Manageengine Netflow Analyzer
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-3436 MEDIUM This Month

provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zarafa Collaboration Platform
NVD
CVSS 2.0
6.6
EPSS
0.0%
CVE-2015-4418 MEDIUM This Month

Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Netflow Analyzer
NVD
CVSS 2.0
5.0
EPSS
4.9%
CVE-2015-2960 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Zoho XSS Manageengine Netflow Analyzer
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy